<?php defined( '_VALID_MOS' ) or die( include("404.php") );

switch($_POST["hidden"])
{

	case "";
	// khoi dau trang khong co gia tri submit. khong lam zi ca
	break;
	
	/* khoi su ly su kien submit form news */
	case "submit_com_content_news_view";
		if($_POST["task"] == "unpublish"){
			$check = FALSE;
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_pulish_and_un_publish_news("0", $values[$row]) <> FALSE)
				$check = TRUE;
			}
			if($check == TRUE) $GLOBALS['msg'] = "";
			else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỡi, vui lòng liên hệ quản trị !";
		}
		else if($_POST["task"] == "publish"){
			$check = FALSE;
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_pulish_and_un_publish_news("1", $values[$row]) <> FALSE)
				$check = TRUE;
			}
			if($check == TRUE) $GLOBALS['msg'] = "";
			else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỡi, vui lòng liên hệ quản trị !";
		}
		
		if($_POST["task"] == "unpublishfocus"){
			$check = FALSE;
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_pulish_and_un_publish_news_focus("0", $values[$row]) <> FALSE)
				$check = TRUE;
			}
			if($check == TRUE) $GLOBALS['msg'] = "";
			else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỡi, vui lòng liên hệ quản trị !";
		}
		else if($_POST["task"] == "publishfocus"){
			$check = FALSE;
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_pulish_and_un_publish_news_focus("1", $values[$row]) <> FALSE)
				$check = TRUE;
			}
			if($check == TRUE) $GLOBALS['msg'] = "";
			else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỡi, vui lòng liên hệ quản trị !";
		}
		else if($_POST["task"] == "orderup"){
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_orderdownn($values[$row]) <> FALSE)
				$GLOBALS['msg'] = "";
				else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỡi, vui lòng liên hệ quản trị !";
			}
		}
		else if($_POST["task"] == "orderdown"){
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_orderupn($values[$row]) <> FALSE)					
				$GLOBALS['msg'] = "";
				else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỡi, vui lòng liên hệ quản trị !";
			}
		}

		else if($_POST["task"] == "add"){
			$core_class->_redirect(".?com=com_content&view=news&task=add&sesid=".$_POST["filter_sectionid"]."&catid=".$_POST["catid"]);exit;
		}

		else if($_POST["task"] == "remove"){
			$check = FALSE;
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_remove_news($values[$row]) <> FALSE)
				$check = TRUE;
			}
			if($check == TRUE)
			$GLOBALS['msg'] = "";
			else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỡi, vui lòng liên hệ quản trị !";
		}

	break;
	
	/* khoi su ly su kien submit form session */
	case "submit_com_content_session_view";
		if($_POST["task"] == "unpublish"){
			$check = FALSE;
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_pulish_and_un_publish_session("0", $values[$row]) <> FALSE)
				$check = TRUE;
			}
			if($check == TRUE)
			$GLOBALS['msg'] = "";
			else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỗi, vui lòng liên hệ quản trị !!! ";
		}
		else if($_POST["task"] == "publish"){
			$check = FALSE;
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_pulish_and_un_publish_session("1", $values[$row]) <> FALSE)
				$check = TRUE;
			}
			if($check == TRUE)
			$GLOBALS['msg'] = "";
			else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỗi, vui lòng liên hệ quản trị !!! ";
		}
		else if($_POST["task"] == "orderup"){
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_orderdowns($values[$row]) <> FALSE)
				$GLOBALS['msg'] = "";
				else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỗi, vui lòng liên hệ quản trị !!! ";
			}
		}
		else if($_POST["task"] == "orderdown"){
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_orderups($values[$row]) <> FALSE)
				$GLOBALS['msg'] = "";
				else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỗi, vui lòng liên hệ quản trị !!! ";
			}
		}
		else if($_POST["task"] == "remove"){
			$check = FALSE;
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_remove_session($values[$row]) <> FALSE)
				$check = TRUE;
			}
			if($check == TRUE){}
			else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỗi, vui lòng liên hệ quản trị !!! ";
		}
	break;
	
	/* khoi su ly su kien submit form category */
	case "submit_com_content_category_view";
		if($_POST["task"] == "unpublish"){
			$check = FALSE;
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_pulish_and_un_publish_category("0", $values[$row]) <> FALSE)
				$check = TRUE;
			}
			if($check == TRUE)
			$GLOBALS['msg'] = "";
			else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỗi, vui lòng liên hệ quản trị !!! ";
		}
		else if($_POST["task"] == "publish"){
			$check = FALSE;
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_pulish_and_un_publish_category("1", $values[$row]) <> FALSE)
				$check = TRUE;
			}
			if($check == TRUE) $GLOBALS['msg'] = "";
			else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỗi, vui lòng liên hệ quản trị !!! ";
		}

		else if($_POST["task"] == "orderup"){
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_orderdownc($values[$row]) <> FALSE)
				$GLOBALS['msg'] = "";
				else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỗi, vui lòng liên hệ quản trị !!! ";
			}
		}
		else if($_POST["task"] == "orderdown"){
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_orderupc($values[$row]) <> FALSE)
				$GLOBALS['msg'] = "";
				else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỗi, vui lòng liên hệ quản trị !!! ";
			}
		}
		else if($_POST["task"] == "remove"){
			$check = FALSE;
			$values = $_POST["cid"];
			$myprocess = new process;
			for ($row = 0; $row < count($values); $row++){
				if($myprocess->process_remove_category($values[$row]) <> FALSE)
				$check = TRUE;
			}
			if($check == TRUE){}
			else $GLOBALS['msg'] = "Hiện tại hệ thống đang gặp lỗi, vui lòng liên hệ quản trị !!! ";
		}
		else if($_POST["task"] == "add"){
			//header("location: .?mod=newcategories&sesid=".$_POST["sectionid"]);exit;
			$core_class->_redirect(".?com=com_content&view=category&task=add&sesid=".$_POST["sectionid"]);exit;
		}
	break;
	
	case "submit_com_content_session_add";
		$myprocess = new process;
		if($_POST["task"] == "save"){
			if($myprocess->process_addsession($_POST["title"], $core_class->_removesigns($_POST["alias"]), $_POST["description"], $core_class->_formatdatetime($_POST["date_add"]), $_POST["published"]) <> FALSE){
				$core_class->_redirect(".?com=com_content&view=session&task=view");
				exit();
			} else {
				$GLOBALS['msg'] = "Đã có lỗi thêm chủ đề, vui lòng làm lại!";
			}
		} else if ($_POST["task"] == "apply"){
			if($myprocess->process_addsession($_POST["title"], $core_class->_removesigns($_POST["alias"]), $_POST["description"], $core_class->_formatdatetime($_POST["date_add"]), $_POST["published"]) <> FALSE){
				$GLOBALS['msg'] = "Chủ đề đã được thêm thành công!";
				$core_class->_redirect(".?com=com_content&view=session&task=add");
				exit();
			} else {
				$GLOBALS['msg'] = "Đã có lỗi thêm chủ đề, vui lòng làm lại!";
			}
		} else if($_POST["task"] == "cancel"){
			$core_class->_redirect(".?com=com_content&view=session&task=view");exit;
		}

	break;
	
	case "submit_com_content_session_edit";
		$myprocess = new process;
		if($_POST["task"] == "save"){
			if($myprocess->process_editsession($_POST["title"], $core_class->_removesigns($_POST["alias"]), $_POST["description"], $core_class->_formatdatetime($_POST["date_add"]), $_POST["published"], $_POST["sid"]) <> FALSE){
				$core_class->_redirect(".?com=com_content&view=session&task=view");
				exit();
			} else {
				$GLOBALS['msg'] = "Đã có lỗi thêm chủ đề, vui lòng làm lại!";
			}
		} else if ($_POST["task"] == "apply"){
			if($myprocess->process_editsession($_POST["title"], $core_class->_removesigns($_POST["alias"]), $_POST["description"], $core_class->_formatdatetime($_POST["date_add"]), $_POST["published"], $_POST["sid"]) <> FALSE){
				$GLOBALS['msg'] = "Chủ đề đã được thêm thành công!";
				$core_class->_redirect(".?com=com_content&view=session&task=edit&id=".$_POST["sid"]);
				exit();
			} else {
				$GLOBALS['msg'] = "Đã có lỗi thêm chủ đề, vui lòng làm lại!";
			}
		} else if($_POST["task"] == "cancel"){
			$core_class->_redirect(".?com=com_content&view=session&task=view");exit;
		}

	break;
	
	case "submit_com_content_category_edit";
		$myprocess = new process;
		if($_POST["task"] == "save"){
			if($myprocess->process_editcategory($_POST["sectionid"], $_POST["title"], $core_class->_removesigns($_POST["alias"]), $_POST["description"], $core_class->_formatdatetime($_POST["date_add"]), $_POST["published"], $_POST["cid"]) <> FALSE){
				$core_class->_redirect(".?com=com_content&view=category&task=view");
				exit();
			} else {
				$GLOBALS['msg'] = "Đã có lỗi thêm chủ đề, vui lòng làm lại!";
			}
		} else if ($_POST["task"] == "apply"){
			if($myprocess->process_editcategory($_POST["sectionid"], $_POST["title"], $core_class->_removesigns($_POST["alias"]), $_POST["description"], $core_class->_formatdatetime($_POST["date_add"]), $_POST["published"], $_POST["cid"]) <> FALSE){
				$GLOBALS['msg'] = "Chủ đề đã được thêm thành công!";
				$core_class->_redirect(".?com=com_content&view=category&task=edit&id=".$_POST["cid"]);
				exit();
			} else {
				$GLOBALS['msg'] = "Đã có lỗi thêm chủ đề, vui lòng làm lại!";
			}
		} else if($_POST["task"] == "cancel"){
			$core_class->_redirect(".?com=com_content&view=category&task=view");exit;
		}

	break;

	case "submit_com_content_news_edit";
		$myprocess = new process;
		if($_POST["task"] == "save"){
			if($myprocess->process_editnews($_POST["created_by"], $myprocess->txt_htmlspecialchars($_POST["title"]), $core_class->_removesigns($_POST["alias"]), $myprocess->txt_htmlspecialchars($_POST["description"]), $myprocess->txt_htmlspecialchars($_POST["content"]), $_POST["image_file"], $core_class->_formatdatetime($_POST["date_add"]), $_POST["img_status"], $_POST["state"], $_POST["frontpage"], $_POST["catid"], $_POST["sectionid"], $_POST["newsid"]) <> FALSE){
				$core_class->_redirect(".?com=com_content&view=news&task=view");
				exit();
			} else {
				$GLOBALS['msg'] = "Đã có lỗi thêm chủ đề, vui lòng làm lại!";
			}
		} else if ($_POST["task"] == "apply"){
			if($myprocess->process_editnews($_POST["created_by"], $myprocess->txt_htmlspecialchars($_POST["title"]), $core_class->_removesigns($_POST["alias"]), $myprocess->txt_htmlspecialchars($_POST["description"]), $myprocess->txt_htmlspecialchars($_POST["content"]), $_POST["image_file"], $core_class->_formatdatetime($_POST["date_add"]), $_POST["img_status"], $_POST["state"], $_POST["frontpage"], $_POST["catid"], $_POST["sectionid"], $_POST["newsid"]) <> FALSE){
				$GLOBALS['msg'] = "Chủ đề đã được thêm thành công!";
				$core_class->_redirect(".?com=com_content&view=news&task=edit&id=".$_POST["newsid"]);
				exit();
			} else {
				$GLOBALS['msg'] = "Đã có lỗi thêm chủ đề, vui lòng làm lại!";
			}
		} else if($_POST["task"] == "cancel"){
			$core_class->_redirect(".?com=com_content&view=news&task=view");exit;
		}

	break;
	
	case "submit_com_content_category_add";
	
		$myprocess = new process;
		if($_POST["task"] == "save"){				
			if($myprocess->process_addcategories($_POST["sectionid"], $_POST["title"], $core_class->_removesigns($_POST["alias"]), $_POST["description"], $core_class->_formatdatetime($_POST["date_add"]), $_POST["published"]) <> FALSE){
				$core_class->_redirect(".?com=com_content&view=category&task=view");
				exit();
			} else {
				$GLOBALS['msg'] = "Đã có lỗi thêm chủ đề, vui lòng làm lại!";
			}
		} else if ($_POST["task"] == "apply"){
			if($myprocess->process_addcategories($_POST["sectionid"], $_POST["title"], $core_class->_removesigns($_POST["alias"]), $_POST["description"], $core_class->_formatdatetime($_POST["date_add"]), $_POST["published"]) <> FALSE){
				$GLOBALS['msg'] = "Chủ đề đã được thêm thành công!";
				$core_class->_redirect(".?com=com_content&view=category&task=add&sesid=".$_POST["sectionid"]);
				exit();
			} else {
				$GLOBALS['msg'] = "Đã có lỗi thêm chủ đề, vui lòng làm lại!";
			}
		} else if($_POST["task"] == "cancel"){
			$core_class->_redirect(".?com=com_content&view=category&task=view&sesid=".$_POST["sectionid"]);exit;
		}

	break;
	
	case "submit_com_content_news_add";
	
		$myprocess = new process;
		if($_POST["task"] == "save"){				
			if($myprocess->process_addnews($_POST["catid"], $_POST["created_by"], $_POST["title"], $core_class->_removesigns($_POST["alias"]), $_POST["description"], $_POST["content"], $_POST["image_file"], $core_class->_formatdatetime($_POST["date_add"]), $_POST["img_status"], $_POST["state"], $_POST["frontpage"]) <> FALSE){
				$core_class->_redirect(".?com=com_content&view=news&task=view&sesid=".$_POST["filter_sectionid"]."&catid=".$_POST["catid"]);
				exit();
			} else {
				$GLOBALS['msg'] = "Đã có lỗi thêm chủ đề, vui lòng làm lại!";
			}
		} else if ($_POST["task"] == "apply"){
			if($myprocess->process_addnews($_POST["catid"], $_POST["created_by"], $_POST["title"], $core_class->_removesigns($_POST["alias"]), $_POST["description"], $_POST["content"], $_POST["image_file"], $core_class->_formatdatetime($_POST["date_add"]), $_POST["img_status"], $_POST["state"], $_POST["frontpage"]) <> FALSE){
				$GLOBALS['msg'] = "Chủ đề đã được thêm thành công!";
				$core_class->_redirect(".?com=com_content&view=news&task=add");
				exit();
			} else {
				$GLOBALS['msg'] = "Đã có lỗi thêm chủ đề, vui lòng làm lại!";
			}
		} else if($_POST["task"] == "cancel"){
			$core_class->_redirect(".?com=com_content&view=news&task=view&sesid=".$_POST["filter_sectionid"]."&catid=".$_POST["catid"]);
			exit;
		}

	break;	
	
	default:
		$core_class->_redirect(".");exit();
	break;
}

class process{

	// ham su ly them tin moi
	function process_addnews($cat_id, $account, $title, $alias, $description, $content, $file_image, $date, $img_status, $status, $focus){
		$myprocess = new process;
		include("../protected/dbconnect.php");
		$sql = "Insert into news(`CatID`, `AccID`, `Title`, `alias`, `Description`, `Content`, `img_file`, `Date`, `img_status`, `Status`, `Order`, `Focus`) 
		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("ssssssssssss", $cat_id, $account, $myprocess->txt_htmlspecialchars($title), $alias, $myprocess->txt_htmlspecialchars($description), $myprocess->txt_htmlspecialchars($content), $file_image, $date, $img_status, $status, $myprocess->process_getmaxid("news", "Order"), $focus);
		if($cmd->execute() <> FALSE) return true; 
		else echo $mysqli->error;
		$cmd->close();
		$mysqli->close();				
	}
	
	// ham loai bo ky tu dac biet trong chuoi khi lay ra
	function txt_htmlspecialchars($t="")
	{
		// Use forward look up to only convert & not &#123;
		//$t = str_replace( "<", "&lt;"  , $t );
		//$t = str_replace( ">", "&gt;"  , $t );
		$t = str_replace( "\\", ""  , $t );
		//$t = str_replace( '"', "", $t );
		
		return $t; // A nice cup of?
	}
		
	// ham su ly them moi chu de con
	function process_addcategories($ses_id, $catname, $alias, $description, $date_add, $published){
		$myprocess = new process;
		include("../protected/dbconnect.php");
		$sql = "insert into category (`SesID`, `CatName`, `alias`, `Description`, `date_add`, `Order`, `Status`) 
				values (?, ?, ?, ?, ?, ?, ?)";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("sssssss", $ses_id, $catname, $alias, $description, $date_add, $myprocess->process_getmaxid("category", "Order"), $published);
		if($cmd->execute() <> FALSE) return true;
		else echo $mysqli->error;
		$cmd->close();
		$mysqli->close();
	}

	// ham su them mot mau tin cua chu de cha ( session )
	function process_addsession($title, $alias, $description, $date_add, $published){
		$myprocess = new process;
		include("../protected/dbconnect.php");
		$sql = " Insert Into session(`Title`, `alias`, `Description`, `date_add`, `Order`, `Status`) values (?, ?, ?, ?, ?, ?)";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("ssssss", $title, $alias, $description, $date_add, $myprocess->process_getmaxid("session", "Order"), $published);
		if($cmd->execute() <> FALSE) return true;
		else echo $mysqli->error;
		$cmd->close();
		$mysqli->close();
	}
	
	// ham su ly chinh sua mot mau tin cua chu de cha ( session )
	function process_editsession($title, $alias, $description, $date_add, $published, $id){
		$myprocess = new process;
		include("../protected/dbconnect.php");
		$sql = " Update session SET
				`Title` = ?, 
				`alias` = ?, 
				`Description` = ?, 
				`date_add` = ?,
				`Status` = ?
				WHERE Ses_Id = ?";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("ssssss", $title, $alias, $description, $date_add, $published, $id);
		if($cmd->execute() <> FALSE) return true;
		else echo $mysqli->error;
		$cmd->close();
		$mysqli->close();
	}
	
	// ham su ly chinh sua mot mau tin cua chu de cha ( session )
	function process_editcategory($sesid, $title, $alias, $description, $date_add, $published, $id){
		$myprocess = new process;
		include("../protected/dbconnect.php");
		$sql = " Update category SET
				`SesID` = ?,
				`CatName` = ?, 
				`alias` = ?, 
				`Description` = ?, 
				`date_add` = ?,
				`Status` = ?
				WHERE Cat_Id = ?";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("sssssss", $sesid, $title, $alias, $description, $date_add, $published, $id);
		if($cmd->execute() <> FALSE) return true;
		else echo $mysqli->error;
		$cmd->close();
		$mysqli->close();		
	}
	
	// ham su ly chinh sua mot mau tin cua ban tin ( news )
	function process_editnews($AccID, $title, $alias, $description, $content, $image_file, $date_add, $img_status, $published, $focus, $catid, $sesid, $newsid){
		$myprocess = new process;
		include("../protected/dbconnect.php");
		$sql = "Update news Set 
				`AccID` = ?, 
				`Title` = ?, 
				`alias` = ?, 
				`Description` = ?, 
				`Content` = ?, 
				`img_file` = ?, 
				`Date` = ?, 
				`img_status` = ?, 
				`Status` = ?, 
				`Focus` = ?, 
				`CatID` = ? 
				Where News_Id = ?";
		$sql1 = "update category set  SesID = ? WHERE Cat_Id = ?";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("ssssssssssss", $AccID, $title, $alias, $description, $content, $image_file, $date_add, $img_status, $published, $focus, $catid, $newsid);
		if($cmd->execute() <> FALSE){
			$cmd1 = $mysqli->prepare($sql1);
			$cmd1->bind_param("ss", $sesid, $catid);
			if($cmd1->execute() <> FALSE){
				return true;
			}
		}
		else echo $mysqli->error;
		$cmd->close();
		$mysqli->close();
	}

	// ham su lay so thu tu lon nhat cho moi mau tin
	function process_getmaxid($table, $column){
		include("../protected/dbconnect.php");
		$sql = "select MAX(`$column`)+1 As `MaxId` from `$table`;";
		$cmd = $mysqli->prepare($sql);
		$cmd->execute();
		$cmd->bind_result($MaxId);
		if($cmd->fetch()){
			if($MaxId == 0)	return 1;
			else return $MaxId;
		}
		$cmd->close();
		$mysqli->close();
	}
	
/*	------------------	khoi nay la cac ham su ly cua chu de cha(session)	--------------------	*/
	function process_pulish_and_un_publish_session($check, $values){
		include("../protected/dbconnect.php");
		if($check == 0)
		$sql = "Update session Set `Status` = 0 Where Ses_Id = ?";
		else $sql = "Update session Set `Status` = 1 Where Ses_Id = ?";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("s", $values);
		if($cmd->execute() <> FALSE) return true;
		else echo $mysqli->error;
		$cmd->close();
		$mysqli->close();
	}
	
	// ham su ly di chuyen mau tin xuong phia duoi cua session
	function process_orderdowns($psesid){
		include("../protected/dbconnect.php");
		$sql = "SELECT (SELECT `Order` from session WHERE ses_Id = $psesid) As `currenOrder`, 
		(SELECT `Order` from session WHERE `Order` > 
		(SELECT `Order` from session WHERE ses_Id = $psesid) 
		Order by `Order` LIMIT 1) As `preOrder`,
		(SELECT Ses_Id from session WHERE `Order` = 
		(SELECT `Order` from session WHERE `Order` > 
		(SELECT `Order` from session WHERE ses_Id = $psesid) 
		Order by `Order` LIMIT 1)) As `preSesid`";
		$cmd = $mysqli->prepare($sql);
		$cmd->execute();
		$cmd->bind_result($currenOrder, $preOrder, $preSesid);
		$cmd->store_result();
		if($cmd->fetch()){
			$sql1 = "update session set `Order` = ? where `Ses_Id` = ?";
			$cmd = $mysqli->prepare($sql1);
			$cmd->bind_param("ss", $currenOrder, $preSesid);
			if($cmd->execute() <> FALSE){
				$sql2 = "update session set `Order` = ? where `Ses_Id` = ?";
				$cmd = $mysqli->prepare($sql2);
				$cmd->bind_param("ss", $preOrder, $psesid);
				if($cmd->execute() <> FALSE){
					return true;
				}
				else echo $mysqli->error;
				return true;					
			}				 
			else echo $mysqli->error;
		}					
		$cmd->close();
		$mysqli->close();
	}
	
	// ham su ly di chuyen mau tin len phia tren cua session
	function process_orderups($psesid){
		include("../protected/dbconnect.php");
		$sql = "SELECT (SELECT `Order` from session WHERE ses_Id = $psesid) As `currenOrder`, 
		(SELECT `Order` from session WHERE `Order` < 
		(SELECT `Order` from session WHERE ses_Id = $psesid) 
		Order by `Order` desc LIMIT 1) As `preOrder`,
		(SELECT Ses_Id from session WHERE `Order` = 
		(SELECT `Order` from session WHERE `Order` < 
		(SELECT `Order` from session WHERE ses_Id = $psesid) 
		Order by `Order` desc LIMIT 1)) As `preSesid`";
		$cmd = $mysqli->prepare($sql);
		$cmd->execute();
		$cmd->bind_result($currenOrder, $preOrder, $preSesid);
		$cmd->store_result();
		if($cmd->fetch()){
			$sql1 = "update session set `Order` = ? where `Ses_Id` = ?";
			$cmd = $mysqli->prepare($sql1);
			$cmd->bind_param("ss", $currenOrder, $preSesid);
			if($cmd->execute() <> FALSE){
				$sql2 = "update session set `Order` = ? where `Ses_Id` = ?";
				$cmd = $mysqli->prepare($sql2);
				$cmd->bind_param("ss", $preOrder, $psesid);
				if($cmd->execute() <> FALSE){
					return true;
				}
				else echo $mysqli->error;
				return true;					
			}				 
			else echo $mysqli->error;
		}					
		$cmd->close();
		$mysqli->close();
	}
	
	// ham su ly go bo mau tin trong chu de cha(session)
	function process_remove_session($values){
		include("../protected/dbconnect.php");
		$myprocess = new process;
		if($myprocess->check_exist_session_remove($values) > 0){
			$GLOBALS['msg'] = "Đề mục này đang tồn tại danh mục con, vui lòng xóa danh mục con trước khi xóa đề mục này !!! ";
			return true;
		} else {
			$sql = "Delete from session where Ses_Id = ?";
			$cmd = $mysqli->prepare($sql);
			$cmd->bind_param("s", $values);
			if($cmd->execute() <> FALSE) return true;
			else echo $mysqli->error;
			$cmd->close();
			$mysqli->close();
		}
	}
	
	// ham kiem tra su hop le cua mau tin duoc xoa
	function check_exist_session_remove($Ses_Id){
		include("../protected/dbconnect.php");
		$sql = "SELECT count(*)	FROM `session` INNER JOIN `category` ON `session`.`Ses_Id` = `category`.`SesID` WHERE Ses_Id = ?";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("s", $Ses_Id);
		$cmd->execute();
		$cmd->bind_result($row);
		if($cmd->fetch()){
			return $row;
		}
		$cmd->close();
		$mysqli->close();
	}
	
/*	------------------	ket thuc cac ham su ly cua chu de con(category)	--------------------	*/
	
/*	------------------	khoi nay la cac ham su ly cua chu de con(category)	--------------------	*/
	function process_pulish_and_un_publish_category($check, $values){
		include("../protected/dbconnect.php");
		if($check == 0)
		$sql = "Update category Set `Status` = 0 Where Cat_Id = ?";
		else $sql = "Update category Set `Status` = 1 Where Cat_Id = ?";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("s", $values);
		if($cmd->execute() <> FALSE) return true;
		else echo $mysqli->error;
		$cmd->close();
		$mysqli->close();
	}
	
	// ham su ly di chuyen mau tin xuong phia duoi cua category
	function process_orderdownc($pcatid){
		include("../protected/dbconnect.php");
		$sql = "SELECT (SELECT `Order` from category WHERE Cat_Id = $pcatid) As `currenOrder`, 
		(SELECT `Order` from category WHERE `Order` > 
		(SELECT `Order` from category WHERE Cat_Id = $pcatid) 
		Order by `Order` LIMIT 1) As `preOrder`,
		(SELECT Cat_Id from category WHERE `Order` = 
		(SELECT `Order` from category WHERE `Order` > 
		(SELECT `Order` from category WHERE Cat_Id = $pcatid) 
		Order by `Order` LIMIT 1)) As `preSesid`";
		$cmd = $mysqli->prepare($sql);
		$cmd->execute();
		$cmd->bind_result($currenOrder, $preOrder, $preSesid);
		$cmd->store_result();
		if($cmd->fetch()){
			$sql1 = "update category set `Order` = ? where `Cat_Id` = ?";
			$cmd = $mysqli->prepare($sql1);
			$cmd->bind_param("ss", $currenOrder, $preSesid);
			if($cmd->execute() <> FALSE){
				$sql2 = "update category set `Order` = ? where `Cat_Id` = ?";
				$cmd = $mysqli->prepare($sql2);
				$cmd->bind_param("ss", $preOrder, $pcatid);
				if($cmd->execute() <> FALSE){
					return true;
				}
				else echo $mysqli->error;
				return true;					
			}				 
			else echo $mysqli->error;
		}					
		$cmd->close();
		$mysqli->close();
	}
	
	// ham su ly di chuyen mau tin xuong phia tren cua category
	function process_orderupc($pcatid){
		include("../protected/dbconnect.php");
		$sql = "SELECT (SELECT `Order` from category WHERE Cat_Id = $pcatid) As `currenOrder`, 
		(SELECT `Order` from category WHERE `Order` < 
		(SELECT `Order` from category WHERE Cat_Id = $pcatid) 
		Order by `Order` desc LIMIT 1) As `preOrder`,
		(SELECT Cat_Id from category WHERE `Order` = 
		(SELECT `Order` from category WHERE `Order` < 
		(SELECT `Order` from category WHERE Cat_Id = $pcatid) 
		Order by `Order` desc LIMIT 1)) As `preSesid`";
		$cmd = $mysqli->prepare($sql);
		$cmd->execute();
		$cmd->bind_result($currenOrder, $preOrder, $preSesid);
		$cmd->store_result();
		if($cmd->fetch()){
			$sql1 = "update category set `Order` = ? where `Cat_Id` = ?";
			$cmd = $mysqli->prepare($sql1);
			$cmd->bind_param("ss", $currenOrder, $preSesid);
			if($cmd->execute() <> FALSE){
				$sql2 = "update category set `Order` = ? where `Cat_Id` = ?";
				$cmd = $mysqli->prepare($sql2);
				$cmd->bind_param("ss", $preOrder, $pcatid);
				if($cmd->execute() <> FALSE){
					return true;
				}
				else echo $mysqli->error;
				return true;					
			}				 
			else echo $mysqli->error;
		}					
		$cmd->close();
		$mysqli->close();
	}
	
	/* ham xoa bo mot mau tin trong danh muc */
	function process_remove_category($values){
		include("../protected/dbconnect.php");
		$myprocess = new process;
		if($myprocess->check_exist_category_remove($values) > 0){
			$GLOBALS['msg'] = "Danh mục này đang tồn tại bản tin con, vui lòng xóa bản tin con trước khi xóa danh mục này !!! ";
			return true;
		} else {
			$sql = "Delete from category where Cat_Id = ?";
			$cmd = $mysqli->prepare($sql);
			$cmd->bind_param("s", $values);
			if($cmd->execute() <> FALSE) return true;
			else echo $mysqli->error;
			$cmd->close();
			$mysqli->close();
		}
	}
	
	/* ham kiem tra su hop le cua ban tin khi xoa chu de con */
	function check_exist_category_remove($Cat_Id){
		include("../protected/dbconnect.php");
		$sql = "SELECT count(*) FROM `category` INNER JOIN `news` ON `category`.`Cat_Id` = `news`.`CatID` WHERE Cat_Id = ?";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("s", $Cat_Id);
		$cmd->execute();
		$cmd->bind_result($row);
		if($cmd->fetch()){
			return $row;
		}
		$cmd->close();
		$mysqli->close();
	}
/*	------------------	ket thuc cac ham su ly cua chu de con(category)	--------------------	*/

/*	------------------	khoi nay la cac ham su ly cua ban tin	--------------------	*/
	// ham su ly di chuyen mau tin xuong phia duoi cua news
	function process_orderdownn($pnewsid){

		include("../protected/dbconnect.php");
	
		$sql = "SELECT (SELECT `Order` from news WHERE News_Id = $pnewsid) As `currenOrder`, 
		(SELECT `Order` from news WHERE `Order` > 
		(SELECT `Order` from news WHERE News_Id = $pnewsid) 
		Order by `Order` LIMIT 1) As `preOrder`,
		(SELECT News_Id from news WHERE `Order` = 
		(SELECT `Order` from news WHERE `Order` > 
		(SELECT `Order` from news WHERE News_Id = $pnewsid) 
		Order by `Order` LIMIT 1)) As `preSesid`";
	
		$cmd = $mysqli->prepare($sql);
		$cmd->execute();
		$cmd->bind_result($currenOrder, $preOrder, $preSesid);
		$cmd->store_result();
		if($cmd->fetch()){
			$sql1 = "update news set `Order` = ? where `News_Id` = ?";
			$cmd = $mysqli->prepare($sql1);
			$cmd->bind_param("ss", $currenOrder, $preSesid);
			if($cmd->execute() <> FALSE){
				$sql2 = "update news set `Order` = ? where `News_Id` = ?";
				$cmd = $mysqli->prepare($sql2);
				$cmd->bind_param("ss", $preOrder, $pnewsid);
				if($cmd->execute() <> FALSE){
					return true;
				}
				else echo $mysqli->error;
				return true;					
			}				 
			else echo $mysqli->error;
		}					
		$cmd->close();
		$mysqli->close();
	}
	
	// ham su ly di chuyen mau tin xuong phia tren cua news
	function process_orderupn($pnewsid){

		include("../protected/dbconnect.php");
		$sql = "SELECT (SELECT `Order` from news WHERE News_Id = $pnewsid) As `currenOrder`, 
		(SELECT `Order` from news WHERE `Order` < 
		(SELECT `Order` from news WHERE News_Id = $pnewsid) 
		Order by `Order` desc LIMIT 1) As `preOrder`,
		(SELECT News_Id from news WHERE `Order` = 
		(SELECT `Order` from news WHERE `Order` < 
		(SELECT `Order` from news WHERE News_Id = $pnewsid) 
		Order by `Order` desc LIMIT 1)) As `preSesid`";
	
		$cmd = $mysqli->prepare($sql);
		$cmd->execute();
		$cmd->bind_result($currenOrder, $preOrder, $preSesid);
		$cmd->store_result();
		if($cmd->fetch()){
			$sql1 = "update news set `Order` = ? where `News_Id` = ?";
			$cmd = $mysqli->prepare($sql1);
			$cmd->bind_param("ss", $currenOrder, $preSesid);
			if($cmd->execute() <> FALSE){
				$sql2 = "update news set `Order` = ? where `News_Id` = ?";
				$cmd = $mysqli->prepare($sql2);
				$cmd->bind_param("ss", $preOrder, $pnewsid);
				if($cmd->execute() <> FALSE){
					return true;
				}
				else echo $mysqli->error;
				return true;					
			}
			else echo $mysqli->error;
		}					
		$cmd->close();
		$mysqli->close();
	}
	
	/* ham su ly go bo mot ban tin */
	function process_remove_news($values){
		include("../protected/dbconnect.php");
		$sql = "Delete from news where News_Id = ?";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("s", $values);
		if($cmd->execute() <> FALSE) return true;
		else echo $mysqli->error;
		$cmd->close();
		$mysqli->close();
	}
	
	/* ham su ly xuat ban va khong xuat ban ban tin */
	function process_pulish_and_un_publish_news($check, $values){
		include("../protected/dbconnect.php");
		if($check == 0)
		$sql = "Update news Set `Status` = 0 Where News_Id = ?";
		else $sql = "Update news Set `Status` = 1 Where News_Id = ?";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("s", $values);
		if($cmd->execute() <> FALSE) return true;
		else echo $mysqli->error;
		$cmd->close();
		$mysqli->close();
	}
	
	/* ham su ly ban tin co la tin tieu diem hay khong */
	function process_pulish_and_un_publish_news_focus($check, $values){
		include("../protected/dbconnect.php");
		if($check == 0)
		$sql = "Update news Set `Focus` = 0 Where News_Id = ?";
		else $sql = "Update news Set `Focus` = 1 Where News_Id = ?";
		$cmd = $mysqli->prepare($sql);
		$cmd->bind_param("s", $values);
		if($cmd->execute() <> FALSE) return true;
		else echo $mysqli->error;
		$cmd->close();
		$mysqli->close();
	}
/*	------------------	ket thuc cac ham su ly cua ban tin	--------------------	*/
}
?>